Build a complete single sign-on (SSO) instance by combining the official CAS documentation with a Chinese tutorial.
The official configuration documentation describes each configuration step in detail, but the software versions it uses are old and some of the links it provides are dead.
https://wiki.jasig.org/display/CASUM/Demo
small_love's Chinese tutorial is very concise:
http://blog.csdn.net/small_love/article/details/6664831
System environment: Windows 7, 32-bit
The detailed configuration process is as follows:
For network reasons, the official CAS website (www.jasig.org/cas) cannot be accessed.
Tomcat 6.0.37
http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.37/bin/
cas-server 3.5.2
http://downloads.jasig.org/cas/
cas-client 3.2.1
http://downloads.jasig.org/cas-clients/
The links above point only to the directories that hold the software. Download the file type you need.
1. JDK environment configuration
Please refer to the relevant tutorials.
cas-server 3.5 requires JDK 1.6 or later; this example uses jdk1.6.0_21.
2. Use the JDK's built-in keytool to create a certificate
If JAVA_HOME is added to the system Path variable, you can run the commands from a command prompt in any directory; otherwise, switch to the Java tools directory first (for example C:\Program Files\Java\jdk1.6.0_21\bin).
// Generate the certificate and store it in a custom certificate store (keystore). The password entered is the keystore password.
keytool -genkey -alias tomcat -keyalg RSA -keystore C:/keystore
Enter keystore password: 123456
Re-enter new password: 123456
What is your first and last name?
[Unknown]: compA
What is the name of your organizational unit?
[Unknown]: IT
What is the name of your organization?
[Unknown]: Inc
What is the name of your City or Locality?
[Unknown]: SZ
What is the name of your State or Province?
[Unknown]: JS
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=compA, OU=IT, O=Inc, L=SZ, ST=JS, C=CN correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password): (press Enter)
// Export the certificate file from the custom keystore. The password is the password of the custom keystore.
keytool -export -file C:/server.crt -alias tomcat -keystore C:/keystore
Enter keystore password: 123456
Certificate stored in file <C:/server.crt>
// Import the certificate into the JDK certificate store. The password required is the JDK certificate store password, which is changeit by default.
keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file C:/server.crt -alias tomcat
Enter keystore password: changeit
Owner: CN=compA, OU=IT, O=Inc, L=SZ, ST=JS, C=CN
Issuer: CN=compA, OU=IT, O=Inc, L=SZ, ST=JS, C=CN
Serial number: 52564247
Valid from: Thu Oct 10 13:59:35 CST 2013 until: Wed Jan 08 13:59:35 CST 2014
Certificate fingerprints:
MD5: 4D:9A:FE:3E:CB:72:CF:FC:00:FF:74:96:0C:24:22:2D
SHA1: 9E:61:59:FF:27:A2:3B:EA:58:06:31:F9:5B:BA:C4:FA:D8:1D:62:6B
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
If the following error occurs, the JDK certificate store password may have been changed:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
If you do not know the password, delete the %JAVA_HOME%\jre\lib\security\cacerts file and import the certificate again. A new certificate store is created automatically and you are asked for a password for it. Deleting cacerts also removes the CA certificates that ship with the JDK, so keep a backup copy of the file.
You can use the following command to change the certificate store password:
C:\Users\flyash> keytool -storepasswd -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
3. Configure the CAS server
Install Tomcat 6.0.37.
Unzip the downloaded cas-server-3.5.2, copy cas-server-webapp-3.5.2.war from the modules folder to Tomcat's webapps directory, and rename it cas.war.
Edit the server.xml file in Tomcat's conf directory and uncomment the SSL connector configuration for port 8443. The modified configuration is as follows:
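An added example (not taken from the original article) of the uncommented HTTPS connector in conf\server.xml on Tomcat 6. keystoreFile and keystorePass are assumed to be the keystore path and password chosen in step 2; the remaining attributes are those of the stock commented-out connector.

```xml
<!-- Added example: HTTPS connector for Tomcat 6 (conf/server.xml).
     Assumption: keystoreFile and keystorePass point at the keystore
     created in step 2 (C:/keystore, password 123456).
     Tomcat 6 expects the key password to equal the keystore password,
     which is why step 2 accepts the default at the key password prompt. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/keystore"
           keystorePass="123456" />
```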
Start Tomcat and open https://localhost:8443/cas/ to see the CAS login page. The browser warns that the certificate is untrusted; ignore the warning or add an exception.
4. Configure the CAS client
In this example, the CAS client and server share the same Tomcat for demonstration only. In real use, the client and server generally run on different Tomcat instances (servers).
Unzip the downloaded cas-client-3.2.1 and copy cas-client-core-3.2.1.jar and commons-logging-1.1.jar from the modules folder to the webapps\examples\WEB-INF\lib directory under Tomcat.
Edit the web.xml file under Tomcat's webapps\examples\WEB-INF and add the CAS filters. The CAS server address here cannot be localhost; instead, a custom domain name is pointed at the local machine through the hosts file, so that the host name in the URL matches the name in the certificate created in step 2.
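<filter>
  <filter-name>CASFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://compa:8443/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CASFilter</filter-name>
  <url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://compa:8443/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
</filter-mapping>
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
</filter-mapping>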
Edit the hosts file and add the following line. Note that the domain name (host name) is in lowercase.
127.0.0.1 compa
Restart Tomcat and open http://localhost:8080/examples/servlets/servlet/HelloWorldExample. The CAS login page is displayed.
Enter admin as both the username and the password. After login, you are returned to the hello world page.
Original article: Configure CAS to implement a single sign-on instance. Thanks to the original author for sharing.